[14570] in Kerberos
Re: Solaris 8 and libresolv
daemon@ATHENA.MIT.EDU (flaminio)
Wed Jun 13 05:18:25 2001
From: flaminio <Livio.Flaminio@agat.univ-lille1.fr>
Date: Tue, 12 Jun 2001 09:53:46 +0200
Message-ID: <3B25CA8A.34AF3D34@agat.univ-lille1.fr>
To: kerberos@MIT.EDU
"Casper H.S. Dik - Network Security Engineer" wrote:
> [[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
>
> flaminio <Livio.Flaminio@agat.univ-lille1.fr> writes:
>
> >has anybody compiled Kerberos 1.2.2 under Solaris 8 ?
>
> >gmake[2]: Entering directory
> >`/site/src/krb5/krb5-1.2.2/sparc/tests/resolve'
> >LD_LIBRARY_PATH=`echo -L../../lib | sed -e "s/-L//g" -e "s/ /:/g"`;
> >export LD_LIBRARY_PATH; ./resolve
> >Hostname: MY-UNQUALIFIED-HOSTNAME
> >Host address: MY_IP_NO
> >FQDN: MY-UNQUALIFIED-HOSTNAME
> >Resolve library did not return a fully qualified domain name
> >You may have to reconfigure the kerberos distribution to select a
>
> This basically indicates a brokeness in your local configuration.
>
> Solaris is differennt from other systems in that linking w/ -lresolv
> does not force the use of the DNS reosolved for gethostbyname().
>
agreed
>
> The reasonf or this is simple, we believe that it is inappropriate for
> an application to have a compiled in hostname resolution policy that
> contradicts the one laid down by the system administrator.
>
> But it thus give the system adminsitartor an extra burden: to make applciation
> that require gethostbyname() to return an FQDN, he must configure
> NIS/NIS+ and /etc/hosts such that they return a FQDN; that something
> you didn't do.
>
Do you mean that /etc/hosts (or NIS/NIS+ tables ) should look like
XXX.YYY.ZZZ.WWW MyHost.MyDNSdomain MyHost
instead of
XXX.YYY.ZZZ.WWW MyHost
(plus, naturally, appropriate /etc/defaultdomain and./etc/ethers for boot clients
...) ?
Well , this fix the problem, I know that. If I would be installing my parc of
machiens
today it would be probably a sensible solution However I would like to avoid
solution
that would force me to a drastic change of policy on all my machines: I would not
how many things would go broken.
In particular it's very annoying that in with the above /etc/hosts /bin/
hostname
returns the FQhostname.
>
> You can also download a Sun supported version of Kerberos from www.sun.com.
>
but the libraries ? where is libkrb5.so ? I need the kerberos libraries to
compile kerberised applications
(sasl, postgresql, openldap, horde, imp, ) . I would be very happy to be
mistaken
but it doesn't seem to me that the Sun supported version of Kerberos has all the
libraries that are needed
> Casper
> --
> Expressed in this posting are my opinions. They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.
